<?php

/***************************************************************\
* FILE:		sys/pages/comment.inc
* SECTION:	pages > items
* FUNCTION:	add anonymous comments to items
* USES:	
* INCLUDES:	/sys/inputcheck.inc	
* PRODUCES:	
* LAUNCHES:	
\***************************************************************/

$no_menu = 1;

/**
 * adds extra access checks, dependent on page state
 */
function page_inc_check_access() {
	check_access("READ");
	check_access("COMMENT");
}

/**
 * appropriate page action interpretations
 */
function page_inc_execute_action($action) {
	switch($action) {
		case "edit":
			if (!has_access("MODERATE") and !has_access("ADMIN"))
				errorpage(5);
			break;
		default:
			add_alert("unknown action");
			break;
	}
}

/**
 * execute page logic
 */
function page_inc_execute() {

	global $PAGE;
	$THISDIR = $PAGE['directory_tree'][$PAGE['dir_depth']-1];
	
	if ($_POST['delete'] and $_GET['action'] == "edit") {
	
		if (!$_POST['comment_id'])
			errorpage(9);
	
		if (!$_POST['confirmed']) {
			$PAGE['content']['form'] = form_confirm("Zeker dat dit commentaar weg moet?");
			return;
		} else if ($_POST['confirmed'] == "YES") {
			$sql = db_query_delete("ITEM_COMMENT", "item_comment_id = {$_POST['comment_id']}");
			db_do_query($sql);
			die("deleted");
		}
		
	}

	if ($_POST['submitted']) {
	
		include_once('sys/inputcheck.inc');
		
		$ok = check_tags($_POST['name'], "naam") ? 1 : 0;
		$ok = (check_exists($_POST['name'], "naam") and $ok) ? 1 : 0;
		$ok = (check_email($_POST['email'], "email") and $ok) ? 1 : 0;
		$ok = (check_exists($_POST['email'], "email") and $ok) ? 1 : 0;
		$ok = (check_exists($_POST['body'], "commentaar") and $ok) ? 1 : 0;
		$ok = (check_tags_markup($_POST['body'], "commentaar") and $ok) ? 1 : 0;
		
		if ($ok) {
			
			if ($_GET['action'] == "edit") {
				if (!$_POST['comment_id'])
					errorpage(9);
				$sql = db_query_update(array('posted_by', 'posted_by_email', 'body'), array(db_sqlize($_POST['name']), db_sqlize($_POST['email']), db_sqlize($_POST['body'])), "ITEM_COMMENT", "item_comment_id = {$_POST['comment_id']}");
			} else {
				$ipstring = $_SERVER["REMOTE_ADDR"]." - ".$_SERVER["HTTP_X_FORWARDED_FOR"];
				$sql = db_query_insert(array('item_id', 'posted_by', 'posted_by_email', 'posted_by_ip', 'posted_at', 'body'), array($PAGE['id'], db_sqlize($_POST['name']), db_sqlize($_POST['email']), db_sqlize($ipstring), "NOW(14)", db_sqlize($_POST['body'])), "ITEM_COMMENT");
			}
			db_do_query($sql);
			
			die("ok!");
		
		}
	}
	
	if ($_GET['action'] == "edit") {
	
		$sql = db_query_select(array(array('*'), array()), array("ITEM_COMMENT", "ITEM_IN INNER JOIN SUB_IN ON ITEM_IN.sub_id = SUB_IN.sub_id"), "ITEM_COMMENT.item_id = ITEM_IN.item_id AND SUB_IN.dir_id = {$THISDIR['dir_id']}");
		$sqlresult = db_do_query($sql);
		if (db_num_rows($sqlresult) != 1)
			errorpage(404);
		$comment = db_fetch_array($sqlresult);

	}
	$inputs = array();
	if ($_GET['action'] == "edit")
		$inputs[] = form_input_hidden("comment_id", $comment['item_comment_id']);
	$inputs[] = form_input_field("Naam", "name", $comment['posted_by']);
	$inputs[] = form_input_field("Email", "email", $comment['posted_by_email']);
	$inputs[] = form_input_text("Commentaar", "body", $comment['body']);
	if ($_GET['action'] == "edit")
		$inputs[] = form_input_checkbox("Dit commentaar verwijderen", "delete");
	
	$PAGE['content']['form'] = form_create("commentform", array_reverse($inputs), $REQUEST_URI);
	
	$PAGE['content']['title'] = "Reageren op item #{$PAGE['id']}";

}


/**
 * dress up page content using skin stuff
 */
function page_inc_dress() {
	global $PAGE;
	print_form($PAGE['content']['form']);
}

?>